New OWASP report

keith73

The Open Web Application Security Project has released the 2004 Top Ten Web Application Vulnerabilities.

http://www.owasp.org/documentation/topten

A good read. last year, I just started at a new job when I saw this report. The app I was working on was originally done by someone else and was guilty of 5 or 6 of those vulnerabilities.

something a lot of newbies should read before tackling those e-commerce sites.

keith

planetsim

Im pretty sure this has been posted here before. But it still is a very important read for users to learn about Security Risks

Moonglobe

for something with "open" in the name, its surprising their using MS office style quotes. :rolleyes:

piersk

Originally posted by planetsim
Im pretty sure this has been posted here before. But it still is a very important read for users to learn about Security Risks

I seem to remember Jayant posting the 2003 one here about a year ago.

keith73

Originally posted by planetsim
Im pretty sure this has been posted here before. But it still is a very important read for users to learn about Security Risks

I searched on owasp before posting, I found one thread that referred to it, nothing else. plus this is the new report for 2004. I learned about it from the webappsec mailing list on security focus.

from the website:

January 27th, 2004 - We are pleased to release the updated OWASP Top Ten for 2004. This years Top Ten follows on from the tradition started in 2003, and includes a new issue (application denial of service) and restates the categories to align with the future OASIS WAS XML standard (due later 2004).

I wouldn't have posted it if it was here already.

keith

goldbug

Originally posted by Moonglobe
for something with "open" in the name, its surprising their using MS office style quotes. :rolleyes:

Agh, that's a peeve of mine. What is so difficult about “ (&#8220; ) and ” (&#8221; ) that makes them so underutilized? Hell, I'd even take " (&quot; ). Yet another reason I don't use WYSIWYG editors 😃

goldbug

edit: crap, repost.

Weedpacket

Even easier: &ldquo; and &rdquo;

drawmack

neat I already do all of those things.

Weedpacket

Originally posted by drawmack
neat I already do all of those things.

Wot; edit, crap and repost?

Sorry. Couldn't resist. Didn't try very hard, though

drawmack

okay, not in the examples I post on the boards but in my application code.